Mobile Device Security Threats Attract Cybercriminals

Mobile device platforms have become the latest and greatest attack point as mobile device security threats rose to new heights in 2010's fourth quarter and will continue into 2011, security researchers said.

According to the McAfee Threats Report: Fourth Quarter 2010, a growing number of security threats to mobile platforms are emerging as pieces of new mobile malware increased by 46 percent from 2009 to 2010. The report notes that as more consumers use mobile devices and tablets for personal uses and business, cybercriminals have caught on. McAfee Labs said it's seen a steady incline in the number of mobile device security threats.

"The reason mobile devices have become such a big attack space is because they're being used for so much," Adam Wosotowsky, principal engineer at McAfee Labs, told CRN.

In the fourth quarter, the main mobile device security threats were the high-profile SymbOS/Zitmo.A and Android/Geinimi, a Trojan inserted into legitimate mobile apps and games on the Google (NSDQ:GOOG) Android mobile platform.

Wosotowsky said that mobile device security threats are starting to emerge in greater numbers as cybercriminal have started finding ways to make money off of them, whether through malicious apps, mobile device-based e-mail phishing scams or putting spyware onto devices to access mobile banking details or other personal information

"For a while the difficult thing to do was to make money off of mobile malware," he said.

And it appears that Google's Android mobile platform has become a prime target, more so than its mobile OS counterparts from Apple and RIM BlackBerry. Android has bubbled to the top because it has looser restrictions on developing and building applications for the platform.

"In the case of Android, it's a lot easier to write an application to it," Wosotowsky said.

At the 2011 Kaspersky Americas Partner Conference last week, Kurt Baumgartner, senior security researcher for Kaspersky Labs said that as the mobile arena grows, exploits and spyware are being aimed at the Android platform.

"Really clever people are trying to force spyware onto the Droid," he said.

Baumgartner said the consumerization of IT has led to users leveraging the same device for personal and business tasks, which whets an attacker's appetite.

"Around mid-2010 was saw increased effort in exploiting software on Android to deliver payloads," he said. "It increases the risk of users interested in using it as a business and personal device."